Nasty WordPress plugin vulnerabilities put over a million sites at risk


Two vulnerabilities in the popular Ninja Forms WordPress plugin could’ve enabled threat actors to export sensitive information and send phishing emails from a vulnerable site, report security researchers.

In their breakdown of the vulnerability, cybersecurity researchers from Wordfence, which develops security solutions to protect WordPress installations, note that Ninja Forms boasts an installation base of over one million websites.

The researchers explain that the vulnerabilities existed because the popular form-building plugin relied on an insecure implementation of the mechanism that checks a user’s permissions.

The insecure implementation meant that instead of ensuring a logged-in user had the right permissions to trigger the associated action, the function only checked whether the user was logged in at all, and nothing else.
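The failure pattern described here, authentication mistaken for authorization, is easiest to see side by side. The snippet below is an added illustration and is not Ninja Forms’ code: the hook names, handler names and `demo_` nonce action are hypothetical, while the WordPress functions used are real core APIs.

```php
<?php
// Hypothetical admin-ajax handler that exports every form submission.
// Both variants are registered under wp_ajax_*, so WordPress only
// routes them to requests that carry a valid logged-in session.

// WEAK: checks only that *some* account is logged in. A subscriber
// with no rights beyond commenting can trigger the full export.
function demo_weak_export_submissions() {
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( 'not logged in', 401 );
    }
    // ... build and stream the CSV of all submissions (omitted) ...
    wp_send_json_success( 'export started' );
}
add_action( 'wp_ajax_demo_weak_export', 'demo_weak_export_submissions' );

// HARDENED: the request must prove (a) a nonce tied to this action,
// which blocks cross-site forgery, and (b) a capability that matches
// the sensitivity of the action, not merely an existing session.
function demo_hardened_export_submissions() {
    // Dies with HTTP 403 if the 'nonce' field is absent or invalid.
    check_ajax_referer( 'demo_export_submissions', 'nonce' );

    // 'manage_options' is held by administrators only. A plugin may
    // register a narrower capability; what matters is that the check
    // asks what the user may do, not whether the user exists.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient permissions', 403 );
    }
    // ... build and stream the CSV of all submissions (omitted) ...
    wp_send_json_success( 'export started' );
}
add_action( 'wp_ajax_demo_hardened_export', 'demo_hardened_export_submissions' );
```

The same two checks apply to the email-sending endpoint: any handler that acts on behalf of the site should gate on a capability and a nonce, because a logged-in session alone says nothing about what the account is permitted to do.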

Who is it?

One of the issues, a bulk submission export vulnerability, could enable any logged-in user, irrespective of their permissions level, to export everything that had ever been submitted to one of the site’s forms. 

The other issue enabled any user to send an email from a vulnerable WordPress website to any email address. 

“This vulnerability could easily be used to create a phishing campaign that could trick unsuspecting users into performing unwanted actions by abusing the trust in the domain that was used to send the email,” suggests Wordfence, adding that it could also be used to trick the website’s admins as well to facilitate a site takeover campaign.

Wordfence responsibly disclosed the vulnerability to Ninja Forms on August 3, 2021; the vendor acknowledged it immediately and released a patch earlier this month in the form of Ninja Forms v3.5.8.

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.